IMS Threat and Attack Surface Analysis Using Common Vulnerability Scoring System

For the purposes of this study, IMS specifications and public sources were analyzed using the general attack surface analysis methodology. These findings were verified and augmented by active scanning and passive analysis of the available real-world IMS test setups that were investigated during the project. As various tests and security probes were performed against the test setups, the system behaviour was analyzed for previously undetermined interactions and transient attack surfaces. After the IMS attack vectors had been identified, the Common Vulnerability Scoring System version 2 (CVSSv2) Base Scores were used to prioritize the IMS attack surface interfaces. CVSS is an industry standard for classifying vulnerabilities. It must be noted however that the idea of applying CVSS scoring to an a priori comparison of vulnerability categories and potential attack surfaces is original research by the authors of this study.